Mobile phishing is one of the biggest unsolved cybersecurity problems today. This is because phishing works differently, and is more of a problem, on a mobile device.
Let’s look at what phishing is.
It refers to the illegal practice of sending emails that pretend to be from a reputable organization in order to convince individuals to reveal personal information, such as account numbers, passwords/PINs, and debit/credit card numbers.
The most widely used form of phishing is when an attacker sends an email pretending to be someone else and tries to trick the recipient into logging into a website or downloading malware.
Email spoofing is also a preferred method for attackers: they craft the email header so that the message appears to have been sent by a trusted sender.
Now let us see what mobile phishing is.
When we add mobile into the equation, phishing extends beyond email into SMS, MMS, and messaging apps such as Snapchat, WhatsApp, and Facebook Messenger.
Mobile devices connect from outside the firewall, lack endpoint security solutions, and have access to new messaging platforms that are not used on desktops.
Mobile users are more likely to fall for phishing because the mobile UI lacks the cues that help identify these attacks, e.g. hovering over a hyperlink to show the destination page.
Myths and Facts about Phishing:
Myths | Facts |
---|---|
Current Phishing Protection is good for Mobile Devices. | Individuals can be tricked into falling for Phishing attacks more easily on Mobile than on Desktop |
Mobile Phishing attacks can only be done through email | Some apps are unknowingly accessing suspicious URLs and websites |
Mobile websites which appear with Locks in the Browser are Safe | There is no Phishing Protection available in the market |
Not Clicking on Links will keep you safe | 96 percent of businesses use spam filters to block attempts of phishing |
If the link is not sent by E-Mail, it is Safe | Trojan-Downloader.JS.Sload is the most common malware in phishing emails |
Types of Phishing:
- Spear – Attackers send an email that appears to be from a trusted source to a specific individual or department within a company.
- Whaling – Criminals mostly target an enterprise’s top-level executive to carry out such attacks.
- Clone – Wrongdoers create a nearly identical replica of a web page or a message to trick the victim into thinking it is real.
- Vishing – It stands for “voice phishing” and cybercriminals do it with the use of a phone. Here, the victim receives a voice message tricking him into a conversation.
- Snowshoeing – Attackers carry out snowshoeing by pushing out messages via multiple domains and IP addresses to bypass the email filters, reaching out straight to the inbox.